@MS Techie Thank you for posting your question on Microsoft Q&A community forum. Happy to assist!
This is true- disabling MUA, currently, is like any other critical operation can be performed with the contributor permissions on the resource guard. We are working on some other capabilities that can help address concerns like these where we can put tighter controls, however, there are no immediate plans around this for MUA. Thanks for bringing this up, we will take note of this.
Update:
If you're wanting to deny using policy for azure subscription owner from disabling MUA. Then this is not possible as of today. Because there is a bit of pre-requisite work needed from our end (making MUA settings accessible by Azure Policy) in order to enable customers to write a deny policy for disabling MUA. This is on our roadmap, and we’ll be able to get back on more details around timelines.
----------------------------------------------------------------------------------------------------------------------
If the response helped, do "Accept Answer" and up-vote it